Note: Javascript is disabled or is not supported by your browser. For this reason, some items on this page will be unavailable. For more information about this message, please visit this page: About CDC.gov.

Introduction to Data Security

On This Page

Data security is the process of making sure data are available only to those who need to use it for a legitimate purpose. Controlling access to data helps ensure privacy, and is required by various federal agency policies and regulations.

The Value of Cancer Registry Data

Cancer registry data are especially valuable as they contain a wealth of personally identifying information that can be used for numerous illicit purposes. The most obvious is identity theft. Full names, addresses, telephone numbers, Social Security numbers, birthdates, and other personal information provide criminals the keys to obtain credit and purchase goods and services fraudulently.

A person's medical history, including diagnoses, treatments, and prescriptions, can be used to obtain prescription medication fraudulently, to embarrass or blackmail the person, or to increase insurance premiums.

Health care providers could use this breached data to enhance their ability to analyze market share and perform studies on costs, charges, and clinical services, giving the provider a competitive advantage in the market.

Employees with access to sensitive data pose a security risk that cannot be overlooked. If they discard old hardware without ensuring data are erased, personally identifying information can end up in the hands of the public when the equipment is sold as surplus. Employees, particularly disgruntled and ex-employees, may provide data to unauthorized people maliciously.

How to Protect Data

The foundation for data security is the security document. This document includes an assessment of the risks to your registry's data, policies for mitigating those risks, and procedures for handling a security breach.

DISCLAIMER: These pages are not intended to be the sole source of information or to suggest practice to establish cancer registry security policy, but rather to provide general guidance to cancer registries addressing data security concerns. These pages are not a substitute for a rigorous risk assessment and evaluation by professional information technology staff.